After replacing a certificate in SSPI, SSPI install/upgrade failed with error: KubeadmControlPlane is invalid: Too long: may not be more than 10240 bytes
search cancel

After replacing a certificate in SSPI, SSPI install/upgrade failed with error: KubeadmControlPlane is invalid: Too long: may not be more than 10240 bytes

book

Article ID: 418636

calendar_today

Updated On:

Products

VMware vDefend Firewall VMware vDefend Firewall with Advanced Threat Prevention

Issue/Introduction

SSPI install/upgrade failed could failed if the new SSPI certificate is too large.

Environment

SSPI 5.1.0 install/upgrade

Cause

After updating the sspi certificate, SSPI install/upgrade uses the the prekubeadmcommand field in kubeadmcontrolplane/kubeadmconfigtemplate to replace the certificate. While the new certificate is embedded in the prekubeadmcommand,  the command has a max size of 10k bytes. Consequently, for a large/chained certificate, we could exceed prekubeadmcommand max limit.

Resolution

 Please contact Broadcom support to fix the issue.

Additional Information

This issue is fixed in SSP 5.1.1

Powered by Wolken Software